Ransomware Nightmare: How a Group of Teenage Hackers Brought a Beloved Retailer to its Knees

A devastating cyber attack has crippled Marks & Spencer, one of Britain’s most beloved retailers, leaving thousands of customers in the lurch and costing the company an estimated £30 million in lost profits.

The attack, which was first reported on Easter Monday, has brought the company’s online and in-store operations to a grinding halt, with customers unable to complete orders or access their accounts. The company’s website, which processes nearly £4 million worth of business per day, has been down for over a week, and contactless payment systems have been unavailable.

The attack is believed to have been carried out by a group of teenage hackers known as Scattered Spider, who used a phishing text or email to gain access to the company’s system. The hackers then used ransomware to scramble the company’s data and demand a ransom in exchange for the decryption key.

The attack has had a devastating impact on customers, with many taking to social media to express their frustration and disappointment. One customer, Carly Jane, was left without her wedding cake after the company’s website was hacked. “It has messed our big day up and is causing stress,” she said. “It is a cake I have always loved.”

The attack has also had a significant impact on the company’s employees, with many taking to social media to express their frustration and concern. “Technology is great when it works,” wrote one employee in West Bromwich. “But when it doesn’t, the whole world has a meltdown!”

The attack is a stark reminder of the growing threat of cyber crime in the retail sector. According to the National Cyber Security Centre, 76% of large organisations have been targeted by cyber attacks in the past year, with the average cost of a single attack estimated to be £27 billion.

The attack on M&S is just the latest in a series of high-profile cyber attacks on British retailers. In April, the Co-op and Harrods were also targeted, with the Co-op shutting down parts of its IT systems and Harrods restricting internet access.

The costs of combatting cyber crime are estimated to be in the billions, with many retailers struggling to keep up with the threat. Analysts at Deutsche Bank estimate that M&S’s profits will have taken a £30 million blow from the ongoing turmoil.

The company’s chief executive, Stuart Machin, has apologised for the disruption and vowed to do everything in his power to prevent similar attacks in the future. “We are working day and night to resolve the problem and get our systems back online,” he said.

The attack has also raised questions about the company’s cybersecurity measures and whether they were sufficient to prevent the attack. Senior executives at M&S are understood to have been concerned over a lack of spending on IT and cybersecurity for some time.

The attack is a wake-up call for retailers and businesses across the country to take cybersecurity seriously and invest in measures to protect themselves against cyber attacks. As one expert noted, “There are no silver bullets, but a combination of factors can help, all the way through to being able to cope when something bad happens.”

Timeline of the Attack

Easter Monday: M&S website is hacked, and online operations are brought to a halt.

April 29: Co-op is targeted by hackers, and parts of its IT systems are shut down.

April 30: Harrods is targeted by hackers, and internet access is restricted.

May 3: M&S announces that it has made progress in resolving the issue, but online operations remain down.